Support / Security / Advisories / Mandrakelinux 9.2 / MDKSA-2004:091

Package name: cdrecord
Date: 2004-09-07
Advisory ID: MDKSA-2004:091
Affected versions: 10.0 amd64 , 9.2 i586 , 10.0 i586 , 9.2 amd64

Problem description

Max Vozeler found that the cdrecord program, which is suid root, fails to drop euid=0 when it exec()s a program specified by the user through the $RSH environment variable. This can be abused by a local attacker to obtain root privileges. The updated packages are patched to fix the vulnerability.

Updated packages

10.0 amd64

 df08036127fd28e366fa6669ed59f88b  amd64/10.0/RPMS/cdrecord-2.01-0.a28.2.100mdk.amd64.rpm
f0b5a254593697ef0ac13f7574cf536f  amd64/10.0/RPMS/cdrecord-cdda2wav-2.01-0.a28.2.100mdk.amd64.rpm
ec1c76a1b4977e4f6e45dd097f7a45ef  amd64/10.0/RPMS/cdrecord-devel-2.01-0.a28.2.100mdk.amd64.rpm
4ec3142c182f957a6d344b375d626320  amd64/10.0/RPMS/mkisofs-2.01-0.a28.2.100mdk.amd64.rpm
6afbd923794d2af44ef2e248e361382b  amd64/10.0/SRPMS/cdrecord-2.01-0.a28.2.100mdk.src.rpm

9.2 i586

 e891b428d8a011447eb6462dca30514e  9.2/RPMS/cdrecord-2.01-0.a18.2.1.92mdk.i586.rpm
9778aa9258911700bffe590be69e3782  9.2/RPMS/cdrecord-cdda2wav-2.01-0.a18.2.1.92mdk.i586.rpm
2cdd7b8f33dd7f7ce0c08aa682498891  9.2/RPMS/cdrecord-devel-2.01-0.a18.2.1.92mdk.i586.rpm
78b0c2cb0b529a54eb4607f4305809d1  9.2/RPMS/mkisofs-2.01-0.a18.2.1.92mdk.i586.rpm
3ede5ae3288520fc3a51c63cd05cc3db  9.2/SRPMS/cdrecord-2.01-0.a18.2.1.92mdk.src.rpm

10.0 i586

 4b5efe36a9a154b70e62da203c21fb48  10.0/RPMS/cdrecord-2.01-0.a28.2.100mdk.i586.rpm
793909d6cce70205939fdb0b48f037e5  10.0/RPMS/cdrecord-cdda2wav-2.01-0.a28.2.100mdk.i586.rpm
7dd067450567cf5d9a18233fe2379a5d  10.0/RPMS/cdrecord-devel-2.01-0.a28.2.100mdk.i586.rpm
1bd94d54eed67497a8427f91239538e5  10.0/RPMS/mkisofs-2.01-0.a28.2.100mdk.i586.rpm
6afbd923794d2af44ef2e248e361382b  10.0/SRPMS/cdrecord-2.01-0.a28.2.100mdk.src.rpm

9.2 amd64

 c5306547c4f1221f3fd787d2b09dfa32  amd64/9.2/RPMS/cdrecord-2.01-0.a18.2.1.92mdk.amd64.rpm
5abf5f3fad0ec3d05f923c88c2255827  amd64/9.2/RPMS/cdrecord-cdda2wav-2.01-0.a18.2.1.92mdk.amd64.rpm
b23bc43f135cc19254c81cf96e793780  amd64/9.2/RPMS/cdrecord-devel-2.01-0.a18.2.1.92mdk.amd64.rpm
86e60c70ee807846ace4b7e2a7e5db7a  amd64/9.2/RPMS/mkisofs-2.01-0.a18.2.1.92mdk.amd64.rpm
3ede5ae3288520fc3a51c63cd05cc3db  amd64/9.2/SRPMS/cdrecord-2.01-0.a18.2.1.92mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0806